Penetration Testing using Kali Linux: SQL Injection, XSS, WordPress, and WPA2 Attacks

Nowadays, computers, smartphones, smart watches, printers, projectors, washing machines, fridges, and other mobile devices connected to the Internet are exposed to various threats and exploits. Of the various attacks, SQL injection, cross-site scripting, WordPress, and WPA2 attacks were the most popular security attacks and are further investigated in this paper. Kali Linux provides a great platform and medium for learning various types of exploits and penetration testing. All the simulated attacks are conducted using Kali Linux installed on a virtual machine in a computer with an Intel Core i5 and 8 GB RAM, while the victim's machine is the host computer, which runs Windows 10 version 1709. Results showed that the attacks launched both on web and firewall were conducted successfully.
